Back to plugin
Pluginv0.1.6
Static analysis security
Oh My Browser · Deterministic local checks for risky code patterns and metadata mismatches.
Scanner verdict
SuspiciousApr 12, 2026, 12:59 PM
- Summary
- Detected: suspicious.dangerous_exec, suspicious.env_credential_access, suspicious.install_untrusted_source (+1 more)
- Reason codes
- suspicious.dangerous_execsuspicious.env_credential_accesssuspicious.install_untrusted_sourcesuspicious.potential_exfiltration
- Engine
- v2.2.0
Evidence
criticaldist/index.js:20
Shell command execution detected (child_process).
const found = execFileSync("which", ["omb"], { encoding: "utf-8" }).trim();criticaldist/index.js:15
Environment variable access combined with network send.
const envPath = process.env.OMB_PATH;
warndist/openclaw.plugin.json:410
Install source points to URL shortener or raw IP.
"default": "http://127.0.0.1:8787",
warnopenclaw.plugin.json:410
Install source points to URL shortener or raw IP.
"default": "http://127.0.0.1:8787",
warndist/index.js:4
File read combined with network send (possible exfiltration).
import { readFileSync } from "node:fs";